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DETAILED ACTION 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 9 
February 2006 has been entered. 

2. The claims 26-50 are pending in this application. Claims 1-25 have been 
cancelled. Claims 26, 30, 38, and 46 have been amended. 

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

4. Claims 26-29 and 46-50 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. Claims 26-29 and 46-50 are not 
limited to tangible embodiment. In view of Applicant's disclosure, specification pg. 9 
lines 9-17 and pg. 10 lines 14-17, the computer-readable medium is not limited to 
tangible embodiments, instead being defined as including both tangible embodiments 
(e.g., optical or magnetic storage media or memory media such as RAM, ROM, 
EEPROM, CD-ROM) and intangible embodiments (e.g., conveyed via a communication 
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medium such as hardwired or wireless). As such, the claims are not limited to statutory 
subject matter and are therefore non-statutory. 

Claim Rejections - 35 USC §112 

5. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

6. Claims 26. 30. 38. and 46 are reiected under 35 U,S.C. 112. second paragraph, 
as being indefinite for failing to particularly point out and distinctly claim the subiect 
matter which applicant regards as the invention. 

7. Regarding claims 26, 30, 38, and 46, Applicant claims the controlling client 
computer system is different from the client computer system, but Applicant does not 
claim how they differ. According to Applicant's specification (pg. 20 lines 9-11), client 
computer system 220e is the controlling client computer system and controls which 
authentication methods are acceptable for client computer systems 220a through 220d 
in addition to which authentication methods are acceptable for itself. The controlling 
client computer system is still a client computer system (see specification pg. 20 lines 9- 
11, pg. 19 lines 19-22). 

Examiner identifies multiple ways in which the controlling client computer system 
could be different from the requesting client computer system. One way is for the 
controlling client computer system to be physically separate from the requesting client 
computer system, e.g. a web server acting as a gateway between a user and the 
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Internet. Another way is for the controlling client computer system to be in the same 
computer system as the requesting client computer system and differentiate itself 
according to a process, e.g. a superuser has administrative control over the 
authentication of another user For purposes of examination, Examiner assumes the 
second way. 

8. Regarding claims 26, 30, 38, and 46, Applicant claims the authentication method 
selection is based on the client computer system's authentication abilities and access 
rights. Applicant gives examples of authentication abilities (see specification page 15 
line 1 9 - page 16 line 4; client computer systems 220c and 220d have capabilities to 
authenticate using methods 211-214, but methods 212-214 are incompatible with sen/er 
computer system 210 and so client computer systems 220c and 220d are only able to 
authenticate with sen/er computer system 210 using method 211) and access rights 
(see specification page 19 lines 1-2; client computer systems 220c and 220d have 
access rights to perform harmless operations), but Applicant does not define what 
authentication abilities and access rights are. For purposes of examination. Examiner 
interprets authentication abilities to mean that a system is capable of authenticating and 
being authenticated by a system. For purposes of examination, Examiner interprets 
access rights to mean a system has access rights after a positive authentication. 
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9. Claims 26. 30. 38, and 46 are rejected under 35 U.S.C, 112, second paragraph, 
as being incomplete for omitting essential elements, such omission amounting to a gap 
between the elements. See MPEP § 2172.01. The omitted elements are: 

a. Regarding claims 26 and 38, Applicant claims the use of the 
authentication fields and authentication methodologies by the server computer 
system for authenticating requesting client computer systems. There is no 
explanation of how the server computer system has access to the authentication 
fields and authentication methods. 

b. Regarding claims 30 and 46, Applicant claims a method and computer- 
readable medium in which a controlling client computer system sends an 
instruction indicating a selected authentication method. Although according to 
the preamble in claim 30, the method is located in a server computer, Applicant 
does not claim in either claim 30 or claim 46 which computer system - the client 
computer system, the controlling client computer system, or the server computer 
- receives the instruction indicating an authentication methodology or which 
computer system - the client computer system, the controlling client computer 
system, or the server computer - authenticates the client computer system. 

c. Regarding claim 38, Applicant claims a method that generates an 
instruction indicating a selected authentication method and sends the instruction 
to a server computer system. Although according to the preamble, the method is 
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located in a controlling client computer system, Applicant does not claim which 
computer system - the client computer system, the controlling client computer 
system, or the server computer system - generates the instruction indicating an 
authentication methodology or which computer system - the client computer 
system, the controlling client computer system, or the server computer system - 
sends the instruction to the server computer system. 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth In section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

11. Claims 26-33, 35, 38-41. 43, and 46-49 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Wood et al. (U.S. Patent 6,691.232). hereafter referred to as 
Wood, in view of Lim (U.S. Patent 6.728,884). 

12. Regarding claim 26, Wood disclosed a computer-readable medium having stored 
thereon a data structure having a plurality of fields, the data structure comprising: 

a plurality of client identifier fields (see col. 1 1 lines 39-41 ; Fig 4 #410; user ID) 
that each identify a client computer system that is connected to a server computer 
system (see col. 1 1 lines 50-55; user logs in via an HTML browser)] and 
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for each identified client computer system, the data structure further comprising 
at least one authentication field (see col. 1 1 lines 40-45; credentials are authenticated) 
that identifies an authentication method (see col. 11 lines 40-47; user selects an 
authentication scheme) to be used by the server computer system for authenticating the 
client computer system upon receiving a request from the client computer system for 
service, the authentication method having been selected (see col. 11 lines 45-47; user 
selects an authentication scheme) based on authentication abilities and access rights of 
the client computer system (see col. 1 1 lines 52-56; user enters login credentials) so 
that the client computer system need not unnecessarily reveal secret information. 

Wood did not explicitly disclose a controlling client computer system, e.g. 
Registry Server, that has a different process than the client computer system nor that 
the controlling client system controls which authentication method is used. 

However, in an analogous art, Lim disclosed a Registry Server 108 containing 
information on how a user should be authenticated (see col. 6 lines 11-19). The 
Authentication and Authorization Module 114 in the Access Server 106 uses this 
authentication information to authenticate the user (see col. 5 line 61 - col. 6 line 10). 

It would have been obvious to one of ordinary skill in this art at the time of 
invention to incorporate an authentication registry containing information about how a 
user should be authenticated into Wood's authentication system. This would increase 
security by allowing a third entity to control a user's authentication. 
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13. Regarding claim 27, Wood-Lim disclosed each client identifier field identifies a 
single client computer system (see Wood col. 1 1 lines 50-55). 

14. Regarding claim 28, Wood-Lim disclosed the server computer system has 
access to the data structure prior to receiving the request from the client computer (see 
Wood col. 12, lines 25-50). 

15. Regarding claim 29, Wood-Lim disclosed the data structure is further configured 
to be altered upon being stored, so as to allow a client computer to use additional 
authentication methods (see Wood col. 1 1 lines 30-67). 

16. Regarding claim 30, Wood disclosed a method in a server computer of 
authenticating client computer systems, the method comprising: 

receiving an instruction that indicates an authentication methodology that is to be 
used to authenticate a client computer system (see col. 1 1 lines 30-67), the 
authentication methodology being selected from multiple authentication methodologies 
based on authentication abilities and access rights of the client computer system (see 
col. 11 lines 30-67); and 

upon receiving a request from the client computer system to access a service of 
the server computer, authenticating the client computer system using the indicated 
authentication methodology (col. 12 lines 25-50). 
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Wood did not explicitly disclose a controlling client computer system containing 
authentication instructions. However, in an analogous art, Lim disclosed a Registry 
Server 108 containing information on how a user should be authenticated (see col. 6 
lines 11-19). Lim also disclosed the Authentication and Authorization Module 1 14 in the 
Access Server 106 used this authentication information to authenticate the user (see 
col. 5 line 61 - col. 6 line 10). It would have been obvious to one of ordinary skill in this 
art at the time of invention to combine the teachings of Wood and Lim, the rational to 
combine is discussed in claim 26 above. 

17. Regarding claim 31, Wood-Lim disclosed the instruction indicates that multiple 
authentication methodologies can be used to authenticate the client computer system 
and wherein the client computer system is authenticated using one of the indicated 
authentication methodologies (see Wood col. 11 lines 30-67). 

18. Regarding claim 32, Wood-Lim disclosed the instruction indicates that the 
authentication methodology is to be used to authenticate multiple client computer 
systems and wherein the multiple client computer systems are authenticated using the 
indicated authentication methodology (see Wood col. 7 lines 35-40 plurality of client 
systems authenticate with the gatekeeper/entry handler component 110), 

19. Regarding claim 33, Wood-Lim disclosed the instruction indicates multiple 
authentication methodologies can be used to authenticate multiple client computer 
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systems and wherein the multiple client computer systems are authenticated using one 
of the indicated authentication methodologies (see Wood col. 7 lines 35-40; col. 11 lines 
30-67; the user/client is allowed to choose credential types to be used to authenticate to 
the server, all the users can use a particular method of authentication, /.e. certificate 
authority). 

20. Regarding claim 35, Wood-Lim disclosed the authentication methodology is a 
basic HTTP authentication (col. 12 lines 25-30). 

21 . Regarding claims 38-41 and 43, the claims are rejected for the same reasons as 
the rejections to claims 30-33 and 35 above respectively. 

22. Regarding claims 46-49, the claims are rejected for the same reasons as the 
rejections to claims 30-33 above respectively. 

23. Claims 34, 36-37, 42. 44-45, and 50 are reiected under 35 U.S.C. 103(a) as 
being unpatentable over Wood-Lim as applied to claims 30. 38. and 49 above, further in 
view of AAPA (Applicant Admitted Prior Art). 

24. Regarding claim 34 and 42, Wood-Lim disclosed the invention, substantially as 
claimed, as described in claims 30 and 38, but did not explicitly disclose an assertion 
authentication. 
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However, AAPA disclosed assertion methodology is a way of authenticating 
between client and server (see for example AAPA specification pg 3 lines 1-3). It would 
have been obvious to one of ordinary skill in this art at the time of invention to combine 
the teachings of Wood-Lim and AAPA because the teaching of AAPA to allow assertion 
would improve the trust in between the two systems, as both sides agree to trust each 
other initially. Furthermore, Wood-Lim's system supports plurality of authentication 
methodologies, it would have been obvious to incorporate assertion methods with 
Wood-Lim to improve the functionality of Wood-Lim by allowing for more choices for 
authentication. 

25. Regarding claims 36 and 44, Wood-Lim disclosed the invention, substantially as 
claimed, as described in claims 30 and 38, but did not explicitly disclose digest 
authentication. 

However, AAPA disclosed a digest method (see for example pg 3 lines 10-22). It 
would have been obvious to one of ordinary skill in this art at the time of invention to 
combine the teachings of Wood-Lim and AAPA, the rationale to combine is discussed in 
claims 34 and 42 above. 

26. Regarding claims 37 and 45, Wood-Lim disclosed the invention, substantially as 
claimed, as described in claims 30 and 38, but did not explicitly disclose an NTLM 
authentication. 
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However, AAPA disclosed NTLM authentication method (see for example pg 3 
lines 23-24). It would have been obvious to one of ordinary skill in this art at the time of 
invention to combine the teachings of Wood-Lim and AAPA, the rational to combine is 
discussed in claims 34 and 42 above. 

27. Regarding claim 50, the claim is rejected for the same reasons as the rejection to 
the combination of claims 34-37 and 42-45 above. 

Conclusion 

28. Examiner's Note: Examiner has cited particular columns and line numbers in 
the references applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings of the art and are 
applied to specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant in preparing 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the Examiner. 

In the case of amending the claimed invention. Applicant is respectfully 
requested to indicate the portion(s) of the specification which dictate(s) the structure 
relied on for proper interpretation and also to verify and ascertain the metes and bounds 
of the claimed invention. 
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29. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Angela Widhalm whose telephone number is (571) 272- 
1035. The examiner can normally be reached M-F, 8:30 am - 5:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Bunjob Jaroenchonwanit can be reached on (571) 272-3913. The fax 
phone number for the organization where this application or proceeding is assigned is 
(571)273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status infonnation for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). AW, 12 April 2006 




bunJqb jaroenchonwanit 
supefwisory patent examiner 



